1. Field of the Invention
The present invention relates to a technique for detecting email messages used for defrauding an individual (such as so-called “phishing” emails). The present invention provides a method, system and computer program for operating an EScam server that is capable of accepting an email message and determining whether the email message is a phishing email message.
2. Description of the Related Art
Phishing is a scam where a perpetrator sends out legitimate looking emails appearing to come from some of the World Wide Web's biggest and most reliable web sites for example—eBay, PayPal, MSN, Yahoo, CitiBank, and America Online—in an effort to “phish” for personal and financial information from an email recipient. Once the perpetrator obtains such information from the unsuspecting email recipient, the perpetrator subsequently uses the information for personal gain.
There are a large number of vendors today providing anti-phishing solutions. In all but a few cases, these solutions do not help to manage phishing emails proactively. Instead, they rely on providing early warnings based on known phishing emails, black lists, stolen brands, etc.
Currently, anti-phishing solutions fall into three major categories:                1) Link Checking Systems use black lists or behavioral technologies that are browser based to determine whether a site is linked to a spoofed site. Unfortunately, systems using black list solutions are purely reactive solutions that rely on third party updates of IP addresses that are hosting spoofed sites.        2) Early Warning Systems use surveillance of phishing emails via “honey pots”(a computer system on the Internet that is expressly set up to attract and ‘trap’ people who attempt to penetrate other people's computer systems), online brand management and scanning, Web server log analysis, and traffic capture and analysis technologies to identify phishing emails. These systems will identify phishing attacks quickly so that member institutions can get early warnings. However, none of these systems is proactive in nature. Therefore, these systems fail to protect a user from being victimized by a spoofed site.        3) Authentication and Certification Systems use trusted images embedded in emails, digital signatures, validation of an email origin, etc. This allows the customer to determine whether or not an email is legitimate.        
Current anti-phishing solutions fail to address phishing attacks in real time. Businesses using a link checking system must rely on a black list being constantly updated for protection against phishing attacks. Unfortunately, because the link checking system is not a proactive solution and must rely on a black list update, there is a likelihood that several customers will be phished for personal and financial information before an IP address associated with the phishing attack is added to the black list. Early warning systems attempt to trap prospective criminals and shut down phishing attacks before they happen; however, they often fail to accomplish these goals because their techniques fail to address phishing attacks that do not utilize scanning. Authentication and certification systems are required to use a variety of identification techniques; for example, shared images between a customer and a service provider which are secret between the two, digital signatures, code specific to a particular customer being stored on the customer's computer. Such techniques are intrusive in that software must be maintained on the customer's computer and periodically updated by the customer.
Accordingly, there is a need and desire for an anti-phishing solution that proactively stops phishing attacks at a point of attack and is non-intrusive.